Debian Security Advisory

DSA-1461-1 libxml2 -- missing input validation

Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2,
the GNOME XML library, validate UTF-8 correctness insufficiently, which
may lead to denial of service by forcing libxml2 into an infinite loop.

For the old stable distribution (sarge), this problem has been fixed in
version 2.6.16-7sarge1.

For the stable distribution (etch), this problem has been fixed in
version 2.6.27.dfsg-2.